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DETAILED ACTION 

1 . This office action is in response to the Request for Continued Examination filed on 
06/01/2009. 

2. Claims 1-2, 4-21 and 23-39 are pending in the application and have been examined. 

3. A request for continued examination under 37 CFR 1.1 14, including the fee set forth in 
37 CFR 1.17(e), was filed in this application after final rejection. Since this application is 
eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) 
has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 
37 CFR 1.1 14. Applicant's submission filed on 06/01/2009 has been entered. 

Claim Rejections - 35 USC § 103 

4. The following is a quotation of 35 U.S. C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 

5. Claims 1-2,4-8, 11-18, 20-21, 23-36 and 38-39 are rejected under 35 U.S.C. 103(a) as 
being unpatentable over Alverson's background (U.S. Patent No. 7,020,767) in view of Angelo 
(U.S. Patent No. 6,581,162). 

6. Regarding claim 1, Alverson discloses a system with multiple domains. 

Alverson also discloses a protection requirement for the domains, but fails to disclose 
particular information about monitoring. 
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Angelo discloses a monitoring function within a processing system (col 7 line 40 to col 8 
line 15). 

Alverson, at the time of the invention, would have been motivated to use SMM and SMI 
in computer security memory management to protect against malicious software and viruses, 
thereby improving computer security memory management. Furthermore, Alverson has shown 
an expressed desire for multiple levels of protection that is domain specific (col 2 line 56-57). 

It would have been obvious at the time of the invention for one of ordinary skill in the art 
to take the system of Alverson and incorporate the SMM and SMI security of Angelo. The 
combination would be as follows: 

Alverson/Angelo discloses a method of controlling a monitoring function of a processor 
(Angelo col 7 line 40 to col 8 lines 15), 

said processor being operable in at least two domains (col 1 lines 30-33), comprising a 
first domain and a second domain, said first and second domains each comprising at least one 
mode (col 7 line 61 to col 8 line 4), said method comprising the steps of: 

controllably monitoring (col 7 line 56-58) said processor operating in each of said at least 
two domains (col 1 lines 30-33 and col 2 lines 56-57 — Note that the citations indicate that 
Alverson desired a level of security that can vary in each domain), 

setting at least one control value, said at least one control value to an enable value [col 7 
lines 56-58], said at least one control value relating to a condition, said condition comprising a 
respective one of a domain or mode that said processor is operating in or to a type of said 
monitoring function, said control value being set to be an enable value for said related condition 
to indicate that said monitoring function is allowable in said first domain (Angelo col 7 line 61 to 
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col 8 line 4); and only allowing initiation of said monitoring function in said first domain when 
said condition is present if its related control value indicates that said monitoring function is 
allowable; and not allowing initiation of said monitoring function in said first domain when said 
condition is present and its related control value indicates that said monitoring function is not 
allowable (col 7 line 61 to col 8 line 4). 

7. Regarding claim 2, Alverson/Angelo discloses the method according to claim 1, wherein 
said first domain is a secure domain and said second domain is a non-secure domain (Angelo col 
8 line 4), said processor being operable such that when executing a program in a secure mode 
within said secure domain said program has access to secure data which is not accessible when 
said processor is operating in a non-secure mode within said non-secure domain (Angelo col 8 
line 11-15). 

Note that a domain is considered to be in a secure mode when the SMI handler is 
running. At this point, it is a "secure domain ". Otherwise, it is non-secure. 

8. Regarding claim 4, Alverson/Angelo discloses the method according to claim 3, wherein 
said condition comprises a secure domain and said control value comprises a secure domain 
enable value, initiation of monitoring in said secure domain only being allowed if said secure 
domain enable value is set (Angelo col 7 line 61 to col 8 line 4). 

9. Regarding claim 5, Alverson/Angelo discloses the method according to claim 3, wherein 
said secure domain includes a secure user mode and said condition comprises a secure user mode 
(Angelo col 8 line 1). 

Note that the handler routine is considered to be the "secure user mode" 
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10. Regarding claim 6, Alverson/Angelo discloses the method according to claim 5 wherein 
said control value comprises a secure user mode enable bit (col 7 line 56-57) and initiation of 
monitoring from secure user mode is only allowed if said secure user mode enable bit has been 
set (Angelo col 7 line 61 to col 8 line 4). 

1 1 . Regarding claim 7, Alverson/Angelo discloses the method according to claim 4, wherein 
said condition comprises a type of monitoring function (Angelo col 8 line 1-4). 

12. Regarding claim 8, Alverson/Angelo discloses the method according to claim 7, wherein 
said condition comprises a debug monitoring function and said control value comprises a debug 
enable bit, initiation of debug in said first domain only being allowable if said debug enable bit 
has been set (Angelo col 8 line 8-11). 

Note that the monitoring function is considered to be a debug monitoring function. 

13. Regarding claim 11, Alverson/Angelo discloses the method according to claim 1, said 
method comprising setting a plurality of control values, each of said plurality of control values 
relating to a different condition; and only allowing initiation of said monitoring function in said 
first domain if any of said conditions are present if each of said control values related to a 
condition that is present indicate that said monitoring function is allowable (Angelo col 7 line 61 
to col 8 line 11). 

Note that the plurality of control values includes the SMI interrupt and the SMI ACT 

signal. 

14. Regarding claim 12, Alverson/Angelo discloses the method according to claim 1, said 
method further comprising said steps of: setting a control indicator, said control indicator 
indicating that monitoring is only allowable for specified applications; and prior to initialising 
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said monitoring function checking an application identifier; and only allowing initiation of said 
monitoring function if said application currently running is one for which monitoring is 
allowable. 

Note that Alverson/Angelo, as previously combined, does not necessarily disclose the 
limitations above. As originally combined, the SMI handler routine is domain specific; however, 
it would further be obvious to make these routines stream (or application) specific. 

Alverson would have been motivated to utilize this technique since the invention is 
initially concerned with stream specific privileges (Alverson col 2 lines 56-57). 

15. Regarding claim 13, Alverson/Angelo discloses the method according to claim 12, 
wherein the step of setting a control indicator comprises setting a control indicator stored in a 
predetermined position in a storage element. 

Note that the use of a particular interrupt or signal suggests that it is held in a common 
register that is considered to be "a predetermined position in a storage element". More 
generally, in order for the signal to have the necessary effects, its position must be 
predetermined; otherwise, the processor would not know what the signal is attempting to signify. 

16. Regarding claim 14, Alverson/Angelo discloses the method according to claim 12, 
wherein said monitoring function comprises monitoring said processor and capturing diagnostic 
data (Angelo col 7 line 64 to col 8 line 4), said method comprising the further step of: following 
initiation of said monitoring function only allowing capturing of diagnostic data in said first 
domain while an application running on said processor is one for which monitoring is allowable 
(see claim 12). 
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17. Regarding claim 15, Alverson/Angelo discloses the method according to claim 1, 
wherein said monitoring function comprises monitoring said processor and capturing diagnostic 
data (Angelo col 7 line 64 to col 8 line 4), said method comprising the further step of: following 
initiation of said monitoring function only allowing capturing of diagnostic data in said first 
domain when a condition changes if a control value related to the changed condition indicates 
that said monitoring function is allowable (Angelo col 8 line 8-1 1). 

18. Regarding claim 16, Alverson/Angelo discloses the method according to claim 1, 
wherein setting of at least one control value is performed either by setting said control value via 
an input port or by setting said control value from the first domain (Angelo col 7 line 56-58). 

19. Regarding claim 17, Alverson/Angelo discloses the method according to claim 16, said 
method comprising the further step of blocking write access to said control value via said input 
port such that the step of setting said control value can henceforth only be performed by setting 
said control value from said first domain. 

Note that the SMM signal in some embodiments (Angelo see col 7 lines 56-58) does not 
require an input port. Consequently, these embodiments are considered to be blocked, leaving 
only modification from the first domain. 

20. Regarding claim 18, Alverson/Angelo discloses the method according to claim 1, 
wherein said first domain comprises a first user mode (Alverson col 1 lines 30 to 33) and a first 
privileged mode (Alverson col 2 lines 56-57) and the step of setting at least one control value in 
said first domain (Angelo col 8 lines 8-11), comprises setting said control value from said first 
privileged mode. 
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Note that a level of privilege will often be activated (Alverson) when the SMI handler 
routine is called (Angelo) 

21. Regarding claims 20-28, see claims 1-9. 

22. Regarding claim 29, Alverson/Angelo discloses the processor according to claim 20, 
wherein: said storage element is operable to contain a plurality of control values, each of said 
plurality of control values relating to a different condition (Angelo col 7 lines 57-58 and col 8 
lines 9-11); and said control logic is operable to only allow initiation of said monitoring logic in 
said first domain if any of said conditions are present if each of the control values related to a 
condition that is present indicate that the monitoring logic is allowable (Angelo col 7 lines 61- 
64). 

23. Regarding claim 30, Alverson/Angelo discloses the processor according to claim 29 
wherein one condition comprises a secure domain and a corresponding control value comprises a 
secure domain enable bit (Angelo col 7 line 61 to col 8 line 4) and a further condition comprises 
a secure user mode and a corresponding control value comprises a secure user mode enable bit 
(Alverson col 1 lines 30-33 — note that the secure user mode and secure mode of the domain are 
considered to be the same), said control logic being operable to initiate said monitoring logic 
from secure user mode only when said storage element contains both a secure user mode enable 
bit and a secure domain enable bit (Angelo col 7 line 61 to col 8 line 4). 

24. Regarding claim 3 1 , Alverson/Angelo discloses the processor according to claim 20, 
wherein: said storage element is further operable to contain a control indicator, said control 
indicator indicating that monitoring is only allowable for identified applications (see 
combination used in claim 12); and said control logic is operable to check at least one identifier 
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identifying an application that is allowable (Angelo col 7 line 61-64), said control logic only 
initiating said monitoring logic in the first domain when said application currently running is one 
identified as being one for which monitoring is allowable (Angelo col 7 line 61 to col 8 line 4).. 

25. Regarding claim 32, Alverson/Angelo discloses the processor according to claim 3 1 , said 
processor comprising a further storage element, said storage element being operable to contain 
said at least one identifier specifying an application that is allowable (Alverson col 1 lines 37- 
38). 

26. Regarding claim 33, Alverson/Angelo discloses the processor according to claim 31, 
wherein said monitoring logic is operable to monitor the processor and capture diagnostic data 
(Angelo col 7 liens 61-64); and wherein said control logic is operable to control the monitoring 
logic to suppress capturing of diagnostic data in said first domain when said control logic detects 
that said application running is not one identified as being allowable (Alverson col 1 lines 37- 
38). 

Note that if the processing system hasn 't picked a particular application stream to run, 
then the monitoring of that application is considered to be suppressed. 

27. Regarding claim 34, Alverson/Angelo discloses the processor according to claim 20, said 
processor further comprising an input port, wherein said control value is operable to be set in 
said storage element either via the input port or via an input from said first domain (Angelo col 7 
line 56-58). 

28. Regarding claims 35-36, see claims 16-18, respectively. 

29. Regarding claims 38 and 39, Alverson/Angelo disclose the use of a register holding the 
storage elements. 
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Note that according to the American Heritage College dictionary, a computer science 
definition of a register is "a part of a central processing unit used as a storage location." 

30. Claims 9, 10, 19 and 37 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Alverson/Angelo in view of common art. 

3 1 . Regarding claim 9, Alverson/Angelo discloses the method according to claim 8, 
Alverson/Angelo discloses saving a portion of memory (Angelo col 7 lines 61-64). 

Angelo fails to particularly disclose that the information includes instruction traces. 

Examiner asserts that saving instruction traces is common in the art and can be utilized 
for many debugging purposes. Alverson/Angelo would have been motivated to utilize this 
technique to gather more debugging/security information for analysis. It would be further 
obvious to include a trace enable bit so the processor knows when to save instruction traces. 

32. Regarding claim 10, Alverson/Angelo discloses the method according to claim 9, 
wherein said secure domain enable value comprises a secure debug enable bit and a secure trace 
enable bit, initiation of debug and trace in said secure domain only being allowable if respective 
portions of said secure domain enable value are set (see claim 9). 

33. Regarding claims 19 and 37, Alverson/Angelo discloses a method according to claim 16, 
wherein said first domain comprises a first user mode (Angelo col 1 lines 30-33) and a first 
privileged (Alverson col 2 lines 56-57) mode and said step of setting at least one control value in 
the first domain (Angelo col 8 lines 8-11), 

Examiner asserts that it would have been obvious to require a non-privileged mode, 
domain, etc. to require an authentication code before accessing the control value of a privileged 
domain. 
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Examiner further asserts that Angelo/Alverson desired to have a form of security 
(Alverson col 2 lines 56-57 and Angelo col 8 line 4) and would be motivated to utilize this 
technique. Additionally, Angelo col 7 lines 15-24 shows the use of an authorization code, 
generally. 

Response to Arguments 

34. Applicant's arguments filed 06/01/2009 have been fully considered but they are not 
persuasive. Applicant argues that the prior art does not teach a control value relating to a 
condition, wherein the condition comprises a domain or mode that the processor is operating in. 
The examiner respectfully notes that, by definition, a control value contains a value that indicates 
a mode that a processor is operating in. This is the purpose of a control value: to indicate a 
control (which is a mode). Applicant's argument is therefore not persuasive. 

Conclusion 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Corey S. Faherty whose telephone number is (571) 270-1319. 
The examiner can normally be reached on Monday-Thursday and every other Friday, 7:00-4:30. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Eddie Chan can be reached on (571) 272-4162. The fax phone number for the 
organization where this application or proceeding is assigned is 571-273-8300. 
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Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would 
like assistance from a USPTO Customer Service Representative or access to the automated 
information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 

/Eddie P Chan/ /Corey S Faherty/ 

Supervisory Patent Examiner, Art Unit 2183 Examiner, Art Unit 2183 



